Qualified Security Assessor

JR United Kingdom

Birmingham

Hybrid

GBP 40,000 - 80,000

Full time

3 days ago

Job summary

An established industry player in cyber security is seeking a talented QSA to join their GRC team. This home-based role involves delivering PCI DSS consultancy and assessments, with opportunities to engage in various security areas. The ideal candidate will have a strong background in ISO 27001 and client-facing consulting, demonstrating excellent communication skills and a structured work approach. Join a dynamic team dedicated to tackling evolving challenges in IT and cybersecurity, and make a significant impact in a growing field. This role offers professional development opportunities and the chance to work with diverse clients across various sectors.

Benefits

Professional development opportunities
Diversity and inclusion initiatives
Team meetings and communication tools

Qualifications

  • Current QSA with multiple PCI DSS assessments experience.
  • Experience in ISO 27001 implementation and certification.

Responsibilities

  • Deliver PCI DSS consultancy and assessments.
  • Conduct ISO 27001 gap analyses and implementation support.

Skills

PCI DSS consultancy
ISO 27001 implementation
NIST CSF familiarity
Client-facing consulting
Basic networking knowledge
Time management

Education

Active QSA certification
ISO 27001 Lead Auditor or Implementer
CISSP
CISM
CRISC

Job description

We’ve been around since 2003, focusing on excellence in cyber security. Our teams offer world-class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance. Our business is global, serving clients such as central banks, government agencies, critical infrastructure, and large retailers.

We’re an award-winning provider of cyber security services and are at an exciting stage of growth. We seek talented individuals to join us as we tackle the evolving challenges in IT and cybersecurity. LRQA Nettitude aims to be a leader in this field, and we want you to be part of our team.

Learn more about us at www.nettitude.com. To review our research and tooling, visit https://labs.nettitude.com.

The role

We are looking for a QSA to join our GRC team in the UK. This is a home-based role with travel to client sites.

You will deliver security consultancy in a client-facing role, focusing on:

  • PCI DSS consultancy and assessments
  • Security reviews against standards like NCSC 10 Steps to Cyber Security and NIST CSF
  • ISO 27001 gap analyses
  • Helping clients implement an ISMS and achieve ISO 27001 certification
  • Supporting third-party risk management and audit programs

Essential skills and experience

  • Current QSA with experience in multiple on-site PCI DSS assessments, demonstrating understanding of complex environments and consulting skills
  • Experience with ISO 27001, including implementing ISMS and certification processes
  • Familiarity with NIST CSF
  • Basic understanding of networking, Windows, Linux, and security technologies (antimalware, IDS/IPS), without requiring hands-on operational experience
  • Experience as a client-facing consultant, with strong communication skills
  • Structured, methodical work approach with good time management and focus on quality

Your primary role involves delivering PCI DSS consultancy and assessments, with opportunities to engage in other security areas and bespoke projects.

Location

  • Home-based, with travel mainly within the UK and some international opportunities; all candidates must reside in the UK
  • On-site work for PCI DSS assessments; other tasks can be performed remotely

Responsibilities

Deliver consultancy services including:

  • Security reviews against standards like NCSC 10 Steps, NIST CSF, Cyber Essentials
  • ISO 27001 gap analyses and implementation support
  • PCI DSS assessments, policy development, and compliance reporting
  • Risk and third-party risk assessments
  • Supporting pre-sales activities, understanding client needs, and proposal development

Key Skills

Essential

  • Current QSA with PCI DSS assessment experience
  • ISO 27001 implementation and certification experience
  • Basic knowledge of core security concepts and technologies
  • Client-facing consulting experience with leadership in delivery
  • Structured work style and time management skills

Desirable

  • Experience with NIS directive, NCSC CAF, or CAA ASSURE
  • Experience presenting to senior management and risk owners
  • Leadership qualities, team development, and mentorship skills
  • Security awareness training experience
  • Technical hands-on experience (recent or past)

Certifications

An active QSA must hold the certifications required by the PCI SSC from its List A and List B. Additional beneficial certifications include:

  • ISO 27001 Lead Auditor or Implementer
  • CISSP
  • CISM
  • CRISC

What we offer

  • A people-focused, high-performing, trusted professional team. We value diversity and encourage communication through technology and regular team meetings.

Opportunities include:

  • Making a difference by challenging norms and developing new services
  • Engaging in industry discussions, blogging, and public speaking
  • Continuous professional development and knowledge sharing in new domains